I have a small network built around CentOS 7 router.
I want one VLAN which can access only specific IPs. Trouble is, I don't want to share details to users. So the permitted IPs looks like "1.1.1.1" or "4.4.4.4" which must be redirected to some real IPs with non-standart ports.

So... how can I redirect all requests to 1.1.1.1:80 to, for example 54.167.21.30:218? In theory, there must be some iptables rule for it? Can someone provide an example?